Dune Security API Out Server Integration
Secure and efficient integration for assessing user cyber risk through various detailed endpoints.
Dune Security's API is designed to offer flexible and convenient reporting modalities for assessing user cyber risk. We aim to deliver a seamless integration into your security and visualization stack, ensuring reliable and efficient access to critical data.
Key Features:
- Rate Limiting: Our endpoints support an elastic rate limit of 90 requests per minute, ensuring optimal performance and reliability.
- Authentication: Access to the API is secured with an API Secret Key linked to your company, granting admin-level read-only access. Include the following header in your HTTP request to authenticate:
X-Api-Key: <api-key> - Easy Integration: Built for seamless integration into your existing security and visualization tools, providing straightforward access to the data you need.
Whether you’re enhancing your organization’s cybersecurity measures or integrating the API into your workflows, Dune Security’s API Out Server meets your needs efficiently and effectively.
Endpoints
Employee Risk
The Employee Risk endpoint offers a comprehensive overview of the risk levels associated with each employee in your organization, providing detailed information including email, phone number, full name, and current risk score.
Endpoint: GET data.dunesecurity.io/data/employee_risk
Example cURL Request:
curl --location 'data.dunesecurity.io/data/employee_risk' --header 'X-Api-Key: <api-key>'
Example Output:
[{"current_risk_score": 99,
"email": "paul@arrakis.com",
"first_name": "Paul",
"last_name": "Atreides",
"phone": "10112345678"},
{"current_risk_score": 22,
"email": "duncan@atreidesguard.com",
"first_name": "Duncan",
"last_name": "Idaho",
"phone": "10134567890"}]
Interaction Data
This endpoint delivers key metrics on user interactions with Dune Security testing assets.
Endpoint: GET data.dunesecurity.io/data/interaction_data
Example cURL Request:
curl --location 'data.dunesecurity.io/data/interaction_data' --header 'X-Api-Key: <api-key>'
Example Output:
[{"data_entered_count": 1,
"email": "leto@atreides.com",
"keydown_count": 1,
"url_clicked_count": 2},
{"data_entered_count": 0,
"email": "thufir@mentat.org",
"keydown_count": 0,
"url_clicked_count": 0}]
Compliance Data
The Compliance Data endpoint provides detailed information about user compliance with various security and privacy frameworks.
Endpoint: GET data.dunesecurity.io/data/compliance_data
Example cURL Request:
curl --location 'data.dunesecurity.io/data/compliance_data' --header 'X-Api-Key: <api-key>'
Example Output:
[{"email": "gurney@atreidesguard.com",
"gdpr": true,
"glba": false,
"hipaa": true,
"iso27001": false,
"nist": false,
"pci_dss": false,
"soc2": true},
{"email": "stgar@fremen.org",
"gdpr": false,
"glba": false,
"hipaa": false,
"iso27001": false,
"nist": true,
"pci_dss": true,
"soc2": false},
{"email": "irulan@corrino.com",
"gdpr": true,
"glba": true,
"hipaa": false,
"iso27001": true,
"nist": false,
"pci_dss": false,
"soc2": true}]
Interpretation:
- Null: The user is not required to be compliant under the framework.
- False: The user does not satisfy the framework requirements.
- True: The user is compliant with the framework.
Training Information
The Training Info endpoint provides detailed information about the training modules assigned to users, including current status, number of attempts, latest risk score, email, and department.
Endpoint: GET data.dunesecurity.io/data/training_info
Example cURL Request:
curl --location 'data.dunesecurity.io/data/training_info' --header 'X-Api-Key: <api-key>'
Example Output:
[{"user_email": "jessica@bene-gesserit.org",
"department": "Mentorship",
"training_name": "Introduction to Ransomware",
"status": "completed",
"attempts": 1,
"latest_risk_score": 25.5},
{"user_email": "gurney@atreidesguard.com",
"department": "Defense",
"training_name": "MFA Attacks",
"status": "completed",
"attempts": 1,
"latest_risk_score": 35.75},
{"user_email": "feyd@harkonnen.com",
"department": "Operations",
"training_name": "Pretexting",
"status": "completed",
"attempts": 2,
"latest_risk_score": 70.1}]
Training Completion Percentage
The Training Completion Percentage endpoint provides an overview of training completion rates across the company and by department.
Endpoint: GET data.dunesecurity.io/data/training_completion_percent
Example cURL Request:
curl --location 'data.dunesecurity.io/data/training_completion_percent' --header 'X-Api-Key: <api-key>'
Example Output:
{"Department_level_Completion":
{"Atreides": 60,"Harkonnen": 40,"Fremen": 75,"Bene Gesserit": 71.43,"Spacing Guild": 0,"Sardaukar": 37.5},
"Total_Completion": 47.5}
Phishing Simulation Asset Summary
The Phishing Simulation Assets Summary endpoint provides a summary of user interaction with Dune Security's phishing simulation assets.
Endpoint: GET data.dunesecurity.io/data/simulation_asset_info
Example cURL Request:
curl --location 'data.dunesecurity.io/data/simulation_asset_info' --header 'X-Api-Key: <api-key>'
Example Output:
{
"emails": [
"paul.atreides@arrakis.email",
"lady.jessica@arrakis.email",
"duncan.idaho@arrakis.email",
"stilgar@arrakis.email"
],
"visited_count": 4,
"data_entered_count": 1,
"asset_name": "spice-harvester-agreement.html",
"content": "fremen"
}
Your Feedback Matters
We value your suggestions for enhancing our API’s functionality. If you have ideas for specific data insights, additional reporting capabilities, or integration features, please reach out to our support team. We strive to accommodate your needs and continuously improve our services.
For further assistance, please contact Dune Security Support.